CVE List - 2024 / July
Showing 2101 - 2200 of 3115 CVEs for July 2024 (Page 22 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6961 | 2024-07-21 | XXE in Guardrails AI when consuming RAIL documents |
| CVE-2024-6951 | 2024-07-21 | SourceCodester Simple Online Book Store System admin_delete.php sql injection |
| CVE-2024-6952 | 2024-07-21 | itsourcecode University Management System sql injection |
| CVE-2024-6953 | 2024-07-21 | itsourcecode Tailoring Management System sms.php sql injection |
| CVE-2024-6954 | 2024-07-21 | SourceCodester Record Management System sort1.php cross site scripting |
| CVE-2024-6955 | 2024-07-21 | SourceCodester Record Management System sort2.php cross site scripting |
| CVE-2024-6956 | 2024-07-21 | itsourcecode University Management System view_cgpa.php sql injection |
| CVE-2024-6957 | 2024-07-21 | itsourcecode University Management System Login functions.php sql injection |
| CVE-2024-6958 | 2024-07-21 | itsourcecode University Management System Avatar File st_update.php unrestricted upload |
| CVE-2024-38786 | 2024-07-21 | WordPress CoziPress theme <= 1.0.30 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38785 | 2024-07-21 | WordPress Gutenverse plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38784 | 2024-07-21 | WordPress Livemesh Addons for Beaver Builder plugin <= 3.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38782 | 2024-07-21 | WordPress Leaflet Maps Marker plugin <= 3.12.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38781 | 2024-07-21 | WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37485 | 2024-07-21 | WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37480 | 2024-07-21 | WordPress Apollo13 Framework Extensions plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37466 | 2024-07-21 | WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37465 | 2024-07-21 | WordPress AI Power: Complete AI Pack – Powered by GPT-4 plugin <= 1.8.66 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37461 | 2024-07-21 | WordPress IdeaPush plugin <= 8.65 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37460 | 2024-07-21 | WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37459 | 2024-07-21 | WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37457 | 2024-07-21 | WordPress Ultimate Blocks – WordPress Blocks Plugin plugin <= 3.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37449 | 2024-07-21 | WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37447 | 2024-07-21 | WordPress PixelYourSite plugin <= 9.6.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37446 | 2024-07-21 | WordPress Chained Quiz plugin <= 1.3.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6962 | 2024-07-21 | Tenda O3 formQosSet stack-based overflow |
| CVE-2020-24102 | 2024-07-22 | Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code. |
| CVE-2024-28698 | 2024-07-22 | Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. |
| CVE-2024-38944 | 2024-07-22 | An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. |
| CVE-2024-39250 | 2024-07-22 | EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. |
| CVE-2024-40051 | 2024-07-22 | IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. |
| CVE-2024-40075 | 2024-07-22 | Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability. |
| CVE-2024-40502 | 2024-07-22 | SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx |
| CVE-2024-41314 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. |
| CVE-2024-41315 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. |
| CVE-2024-41316 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. |
| CVE-2024-41317 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. |
| CVE-2024-41318 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. |
| CVE-2024-41320 | 2024-07-22 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. |
| CVE-2024-41703 | 2024-07-22 | LibreChat through 0.7.4-rc1 has incorrect access control for message updates. |
| CVE-2024-41704 | 2024-07-22 | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. |
| CVE-2024-41880 | 2024-07-22 | In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes. |
| CVE-2024-24507 | 2024-07-22 | Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. |
| CVE-2024-34329 | 2024-07-22 | Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. |
| CVE-2024-37391 | 2024-07-22 | ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. |
| CVE-2024-41709 | 2024-07-22 | Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an... |
| CVE-2024-6963 | 2024-07-22 | Tenda O3 formexeCommand stack-based overflow |
| CVE-2024-6964 | 2024-07-22 | Tenda O3 fromDhcpSetSer stack-based overflow |
| CVE-2024-6965 | 2024-07-22 | Tenda O3 fromVirtualSet stack-based overflow |
| CVE-2024-6966 | 2024-07-22 | itsourcecode Online Blood Bank Management System Login login.php sql injection |
| CVE-2024-6967 | 2024-07-22 | SourceCodester Employee and Visitor Gate Pass Logging System sql injection |
| CVE-2024-6968 | 2024-07-22 | SourceCodester Clinics Patient Management System print_patients_visits.php sql injection |
| CVE-2024-6969 | 2024-07-22 | SourceCodester Clinics Patient Management System get_patient_history.php sql injection |
| CVE-2024-6970 | 2024-07-22 | itsourcecode Tailoring Management System staffcatadd.php sql injection |
| CVE-2024-5004 | 2024-07-22 | CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS |
| CVE-2024-5529 | 2024-07-22 | WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS |
| CVE-2024-5973 | 2024-07-22 | MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor |
| CVE-2024-6243 | 2024-07-22 | HTML Forms < 1.3.33 - Admin+ Stored XSS |
| CVE-2024-6244 | 2024-07-22 | pz-frontend-manager < 1.0.6 - CSRF change user profile picture |
| CVE-2024-6271 | 2024-07-22 | Community Events < 1.5 - Event Deletion via CSRF |
| CVE-2024-37445 | 2024-07-22 | WordPress HTML5 Audio Player plugin <= 2.2.23 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37436 | 2024-07-22 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37434 | 2024-07-22 | WordPress Atarim plugin <= 3.31 - Authenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37433 | 2024-07-22 | WordPress Mailster plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37432 | 2024-07-22 | WordPress Esteem theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37429 | 2024-07-22 | WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37428 | 2024-07-22 | WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37422 | 2024-07-22 | WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37416 | 2024-07-22 | WordPress WP Photo Album Plus plugin <= 8.8.00.002 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37414 | 2024-07-22 | WordPress Depicter Slider plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37409 | 2024-07-22 | WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37278 | 2024-07-22 | WordPress Cards for Beaver Builder plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37275 | 2024-07-22 | WordPress NextScripts plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37271 | 2024-07-22 | WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37267 | 2024-07-22 | WordPress Striking theme <= 2.3.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37265 | 2024-07-22 | WordPress IdeaPush plugin <= 8.60 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37264 | 2024-07-22 | WordPress Groundhogg plugin <= 3.4.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37263 | 2024-07-22 | WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37262 | 2024-07-22 | WordPress Online Booking & Scheduling Calendar plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37261 | 2024-07-22 | WordPress WP-Lister Lite for Amazon plugin <= 2.6.16 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37259 | 2024-07-22 | WordPress WP Extended plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37258 | 2024-07-22 | WordPress Social Rocket plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37257 | 2024-07-22 | WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37246 | 2024-07-22 | WordPress Gallery Slideshow plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37245 | 2024-07-22 | WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37244 | 2024-07-22 | WordPress Ninja Beaver Add-ons for Beaver Builder plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37239 | 2024-07-22 | WordPress Branda plugin <= 3.4.17 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37229 | 2024-07-22 | WordPress Blogmentor – Blog Layouts for Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37223 | 2024-07-22 | WordPress Restaurant Reservations plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37221 | 2024-07-22 | WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37219 | 2024-07-22 | WordPress Page Builder Sandwich plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-23321 | 2024-07-22 | Apache RocketMQ: Unauthorized Exposure of Sensitive Data |
| CVE-2024-37217 | 2024-07-22 | WordPress Empty Cart Button for WooCommerce plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37216 | 2024-07-22 | WordPress Sketchfab Embed plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37215 | 2024-07-22 | WordPress Transition Slider – Responsive Image Slider and Gallery plugin <= 2.20.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37211 | 2024-07-22 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37206 | 2024-07-22 | WordPress Demo Awesome plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37199 | 2024-07-22 | WordPress Enfold theme <= 5.6.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37122 | 2024-07-22 | WordPress Accordions plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37121 | 2024-07-22 | WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability |